IETF Logo Mail Archive

[Anima] ACP interfaces (was: Use of GRSP in discovery)

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 29 November 2016 01:17 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1966212A218 for <anima@ietfa.amsl.com>; Mon, 28 Nov 2016 17:17:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NqhjbY1tx7Dp for <anima@ietfa.amsl.com>; Mon, 28 Nov 2016 17:17:22 -0800 (PST)
Received: from mail-pg0-x236.google.com (mail-pg0-x236.google.com [IPv6:2607:f8b0:400e:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9B2F129432 for <anima@ietf.org>; Mon, 28 Nov 2016 17:17:21 -0800 (PST)
Received: by mail-pg0-x236.google.com with SMTP id p66so62898176pga.2 for <anima@ietf.org>; Mon, 28 Nov 2016 17:17:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=zEkFrLqGozblxUOMyQV1AxsYVPgaezJyajjg7FsUIig=; b=0wKz5g83FhtZ6qm2kcEVmYL2oLawNISnFIJqOl0SNN+mTWj5BKaM2UP9tAu/qjVhpE jkg/mwrvJeWTYaiMHyVE8pzsCYil9uslUJN+627jFDxTCJXuzgqT6b1IjcOX2O4Xg9Sq CajsttJj43R4cDl7KlECYb/C2gPZsOaz/51eozBc4ZPb6fQsMpdT9v1GxBCVZazk4V6R dulqSRZzST10dTeqaAmy17aDfiLVdvy2to//mQuGu8YMM8cTQfjhu4QQbpdByEq5o/QI l7/aGZPE4547EJomcap5oxXu+gkcgH7YHH67zRhd7eFCWqVI5Vyn4M3bzgWRCPJR5iOB 3b9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=zEkFrLqGozblxUOMyQV1AxsYVPgaezJyajjg7FsUIig=; b=UTTW8Src83ePuDSzThemsbU/1MVHwSA24X56d8ogNQbjSzMYRx+234L5g+ocDR7C9i BAvJMUVFqrs4c8aDzAC7wzd0Mf7g+LkHJecr0D6ch6mbyZRWBYkubi+ngXeVXcgmQl91 20RnYD6YAPUCYgr/YxkA/g1C6X159Icg7TmAERCJsPPanN7uVNOQdRO0ugh0tYjBjyF3 3rhnN7fi903JLfBan3w6fn4mH1DJXfHciVBe0XCVMtdWbn3Kogq8Hg5HGrVvU/PwAR5N LjamV4ngxO4TQNZXnylE44Ri7PLpSJ2SEc9AKWrmTPculfmW86RImpDnVwMfurSig2Bb D5RA==
X-Gm-Message-State: AKaTC005CnTPxawp9mPcogtJ2G/oM0NcicYy+3svxHSPtc8B+Dw7UzDatBmjRKuDCSimUg==
X-Received: by 10.98.83.193 with SMTP id h184mr24706883pfb.175.1480382241229; Mon, 28 Nov 2016 17:17:21 -0800 (PST)
Received: from ?IPv6:2001:df0:0:2006:c0da:ac17:5f6d:8e76? ([2001:df0:0:2006:c0da:ac17:5f6d:8e76]) by smtp.gmail.com with ESMTPSA id f14sm90036780pfk.5.2016.11.28.17.17.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 28 Nov 2016 17:17:20 -0800 (PST)
To: Toerless Eckert <tte@cs.fau.de>
References: <20161031221855.GA1970@faui40p.informatik.uni-erlangen.de> <f1090efc-0fc3-d78f-b535-d16a17946903@gmail.com> <20161104003541.GE6498@faui40p.informatik.uni-erlangen.de> <aebe69d1-497b-c29c-c0a0-72dd89499148@gmail.com> <20161104150250.GI6498@faui40p.informatik.uni-erlangen.de>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <7cb844d3-9f37-23a2-e630-5182ad0e89fd@gmail.com>
Date: Tue, 29 Nov 2016 14:17:18 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.0
MIME-Version: 1.0
In-Reply-To: <20161104150250.GI6498@faui40p.informatik.uni-erlangen.de>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/-vOvFVQr6zcognXJxwKKB9_t5-Q>
Cc: Toerless Eckert <tte+ietf@cs.fau.de>, Anima WG <anima@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Subject: [Anima] ACP interfaces (was: Use of GRSP in discovery)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2016 01:17:24 -0000

I put this aside just before the IETF:

On 05/11/2016 04:02, Toerless Eckert wrote:
> On Fri, Nov 04, 2016 at 08:33:43PM +1300, Brian E Carpenter wrote:
>>> GRASP should have a separate socket for each interface 
>>
>> How many interfaces do you mean? With no ACP, GRASP knows a reasonably
>> small number of physical interfaces, and has to open a socket for each of
>> the to send LL multicasts, and it has to listen for LL multicast from
>> all of them, which as far as I know requires a separate socket that is bound
>> to the relevant multicast address.
> 
> If each physcial interface connects to one ACP neighbor, the number
> of logical ACP interfaces would be the same as the number of physical
> interfaces. If an interface is a LAN connecting to N ACP neighbors,
> you would have N ACP virtual interfaces, one for each such neighbor.
> In an implementation of ACP that i could imagine.

Yes, that makes sense.

> Of course, on a LAN with N ACP neighbors, those would be eg: routers
> interconnected via a switch, so if that switch was autonomic itself, then
> you should only see one ACP neighbor, the switch. That the point of the
> discussion about GRASP instead of mDNS for ACP discovery, and of course,
> on the switch, we'd need to figure out how to intercept the ACP messages
> to make that work.
> 
>> In addition it has to open unicast sockets as and when needed, which may
>> be bound to any kind of address. (In the limited instances they will
>> be restricted to link-local unicast, but that's a special case.)
>>
>> I am still missing enough detail about the interfaces and socket options
>> that the ACP will provide to know how this will change when the ACP
>> is there. If there are, e.g., 400 autonomic nodes in the ACP and my node
>> has 4 physical interfaces, each of which has 10 link-local neighbors,
>> how many interfaces will the ACP offer me? 4, 40, 400?
> 
> Never 400. 4 if the L2 switches on the LANs are ACP capable, 40
> otherwise.

Fair enough. 40 is a bit scary (the most my prototype has ever seen is
2, but actually the code should work with 40). I think we should
RECOMMEND that the L2 switches support the ACP.

> 
>>> - but use that
>>> socket both for sending and receiving. No shared socket for reception.
>>
>> Why not? There's no problem identifying the source interface for a multicast,
>> it comes right back in recvfrom() (at least on Windows or Linux).
> 
> I probably should not have used "should" when i was recommending
> a separate socket per interface but instead:
> 
> -> To me the logic of dealing with multiple interfaces wold be most
>    easy if an implementation could have a separate socket for each
>    interface, physcial and ACP-channel (aka: per ACP neighbor).
>    With that approach, its clear at the socket level, which sockets
>    belong to which security domain, and you do not have to
>    enforce that via filtering when you receive messages.

Not sure it's an issue, but certainly I don't see a problem in doing
that - but again, better with 4 interfaces than 40.

> Socket API is a lot of confusing complexity. I haven't played with LL
> IP6 myself on linux, so i can only guess:
> 
> - Lets assume you bind your socket to the LL IPv6 address of an interface
>   via what the API doc calls the "scope ID" (which really is a zone ID).

Yes, Zone ID is the correct IPv6 terminology, but in any case it's
much cleaner to use interface numbers IMHO. My code figures that out
on both Windows and Linux, but they are quite different. In this area
Winsock seems to be superior to POSIX, even when viewed through
the Python library.

>   You should then be able to send/receive only from/to that interface.
> - I am not sure what impact this has on multicast. I was hoping that you
>   could still do the setsockopt to add the GRASP LL IPv6 multicasr group,
>   and in that API call you'd equally indicate your LL IPv6 addr and
>   would then send and receive IPv6 LL multicast only on that interface.

Yes, you must do IPV6_JOIN_GROUP for each interface separately,
with the right mreq structure. If I can inflict more Python on you,
this is how I join the group on all interfaces with the same socket
(slightly simplified):

for i in _ll_zone_ids:
    mreq = ALL_GRASP_NEIGHBOR_6.packed + struct.pack('@I', i)
    mcrsock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq)

so it would be easy to do that with separate sockets. You'd need a
thread per socket, however. With a single socket, you don't need
that.

> I have not tested this, so this is right now just conjecture.

No, it's correct for both POSIX and Winsock.

>>> GARSP only needs to figure out which interface is physcial and which
>>> is ACP. On router-OSs, each interface would be assigned to a VRF, so 
>>> it's easy to enumerate the interfaces of eg: the ACP being one VRF.

VRFs on Linux may turn out to be a dark art; a quick Google didn't
help much. I didn't get much out of
https://www.kernel.org/doc/Documentation/networking/vrf.txt

>>
>> I would assume that the adjacency table would provide that sort of clue.
>> To make my code agnostic about Winsock vs POSIX, I just use the interface
>> numbers, not the names, and they should be system-wide unique.
> 
> Have to look at your code..
> 
>>> Right. But this is not a new ACP thing. Any existing IETF protocol
>>> implementation that uses link-local addresses and runs on any type of
>>> any form of physical or virtual interface needs some form of interface
>>> representation at the API level to send/receive LL packets. Thats why
>>> i am somewhat hesitant to add explanatory text for this to the ACP
>>> draft. It's supposed to be implied by the IPv6 addressing model and
>>> common practice in IETF documents that its not regurgitated too much.
>>
>> No, it doesn't need much text but it really isn't obvious at all from
>> the ACP draft, I assure you.
> 
> Can you propose text ?

Not sure I can. But something along the lines of:

The ACP will appear to its users as a VRF instance that supports
various network interfaces which in turn support standard TCP/IP
sockets. These sockets can support link-local or global-scope
IPv6 addresses. Multicast support SHOULD be limited to link-local
operations. The way in which a program using the ACP detects that
the ACP is present and attaches itself to the VRF instance is
implementation-dependent.

IMHO you should also recommend an API for the detection/attachment
and for accessing the adjacency table, but like the GRASP API
that should be a separate document.

Regards
    Brian

> 
> Cheers
>     Toerless
> 
>>>> If you want, I can point you the exact Python code that handles this
>>>> in the prototype.
>>>
>>> Please do. Just not sure when i'll find time.
>>
>> Let me do that when I'm back from my short vacation.
>>
>> Rgds
>>    Brian
>>
>> _______________________________________________
>> Anima mailing list
>> Anima@ietf.org
>> https://www.ietf.org/mailman/listinfo/anima
>

v2.23.0 | Report a Bug | By Email